Re: [exim] DKIM signature where the identity field has a lea…

Author: Phil Pennock
Date:  
To: Tony Meyer
CC: exim-users
Subject: Re: [exim] DKIM signature where the identity field has a leading slash attempts to touch the filesystem
On 2011-05-05 at 19:40 +1200, Tony Meyer wrote:
>   accept
>     dkim_status    = none
>     sender_domains = KNOWN_DKIM_SIGNERS
>     dkim_signers   = KNOWN_DKIM_SIGNERS
>     condition      = ${if match_domain{$sender_address_domain}{$dkim_cur_signer}}
>     log_message    = Possible DKIM Forgery: Unsigned message from $sender_address_domain
>     add_header     = :at_start:X-DKIM: Exim $version_number on $primary_hostname (no dkim signature for required domain:$dkim_cur_signer)


> So that would mean the problem is with "${if
> match_domain{$sender_address_domain}{$dkim_cur_signer}}" then? If I
> reversed this to "${if
> match_domain{$dkim_cur_signer}{$sender_address_domain}}" would that
> then be correct? i.e. only the second item is treated as a list, so a
> leading slash in the first has no effect?


Yes. No.

You've identified the cause, but reversing the order of the items isn't
the correct fix. You basically just want to test if two strings are
equal (ignoring case), with none of the domainlist matching logic of
handling named lists, regexps, files or other list items.

condition = ${if eqi{$sender_address_domain}{$dkim_cur_signer}}

-Phil
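
Added example, not part of the original message and not Exim's code: a simplified Python model of why a value from a signature is unsafe in the list position of match_domain, while eqi compares plain strings. The function names, the recording_open stand-in and the sample values are assumptions constructed for illustration.

```python
import re

def match_domain_model(subject, domain_list, open_file):
    """Simplified model of domain-list matching (not Exim's code).

    Only the second argument is parsed as a colon-separated list, and
    its items are interpreted rather than compared as plain strings.
    """
    subject = subject.lower()
    for item in (part.strip() for part in domain_list.split(":")):
        if not item:
            continue
        if item.startswith("/"):
            # File item: the matcher opens this path and reads patterns.
            names = {line.strip().lower() for line in open_file(item)}
            if subject in names:
                return True
        elif item.startswith("^"):
            # Regular-expression item.
            if re.search(item, subject, re.IGNORECASE):
                return True
        elif item.startswith("*"):
            # Wildcard item: matches any domain ending with the rest.
            if subject.endswith(item[1:].lower()):
                return True
        elif subject == item.lower():
            return True
    return False

def eqi_model(a, b):
    """Case-insensitive string equality: no list parsing, no file access."""
    return a.lower() == b.lower()

def demo():
    opened = []                      # paths the list matcher tried to read
    def recording_open(path):        # hypothetical stand-in for file access
        opened.append(path)
        return []                    # constructed: behave as an empty file
    sender = "example.com"                        # constructed sample value
    signer = "/constructed/path/from/signature"   # constructed sample value
    listed = match_domain_model(sender, signer, recording_open)
    return {"match_domain": listed, "paths_opened": list(opened),
            "eqi": eqi_model(sender, signer),
            "eqi_same_domain": eqi_model("Example.COM", sender)}

if __name__ == "__main__":
    print(demo())
```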